hj
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
FairwindsOps/pluto | minor |
5.16.4 -> 5.18.4
|
|
defenseunicorns/zarf | minor |
v0.27.0 -> 0.29.2
|
|
fluxcd/flux2 | minor |
2.0.1 -> 2.1.0
|
|
golang | stage | minor |
1.19 -> 1.21
|
golang | stage | minor |
1.13 -> 1.21
|
google/go-containerregistry | minor |
v0.15.2 -> 0.16.1
|
|
helm/helm | patch |
3.12.0 -> 3.12.3
|
|
kyverno/kyverno | minor |
v1.9.2 -> 1.10.3
|
|
mikefarah/yq | minor |
4.34.1 -> 4.35.1
|
|
rancher/k3d | minor |
5.5.1 -> 5.6.0
|
|
registry.access.redhat.com/ubi8/ubi | stage | minor |
8.4 -> 8.8
|
terraform-aws-modules/eks/aws (source) | module | minor |
19.15.2 -> 19.16.0
|
terraform-aws-modules/iam/aws (source) | module | minor |
4.7.0 -> 4.24.1
|
terraform-aws-modules/vpc/aws (source) | module | minor |
5.0.0 -> 5.1.2
|
Release Notes
FairwindsOps/pluto
v5.18.4
Changelog
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
v5.18.3
Changelog
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
v5.18.2
Changelog
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
v5.18.1
Changelog
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
v5.18.0
Changelog
-
b670236
Update FAQ with more details about last-applied-configuration issues (#498) -
802f679
Fix the makefile for local dev (#496) -
6bc2c49
Add flowcontrol deprecations (#493)
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
v5.17.0
Changelog
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub
defenseunicorns/zarf
v0.29.2
What's Changed
Features
- Introduce a
zarf package mirror-resources
command to pull resources from a package without initing or deploying by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1913
⚠ Note: This command currently only supports images and git repositories - Helm chart support requires OCI mirroring which is being workedin #2005
Fixes
- Resolve edge cases with
--tmpdir
behavior not being followed correctly by @Racer159 in https://github.com/defenseunicorns/zarf/pull/2000
Documentation
- Update the FAQ page with more content by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/2001
- Update the README with additional and more consistent content by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/2002
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.29.1...v0.29.2
v0.29.1
What's Changed
Features
- Introduce
files.extractPath
support to pull files directly from archives by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1962 - Add extra environment variables and PVC enable variables to the Zarf Registry Chart by @AbrohamLincoln in https://github.com/defenseunicorns/zarf/pull/1994
- Include the helm repo / helm dependency commands in Zarf and tweak helm build logic by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1991
- Implement chart/manifest merging by name within composable packages by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1975
Fixes
- Throw warning instead of error when last non-breaking version is checked with the default CLIVersion by @lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1981
- Ensure that image manifests inside a Zarf package are pulled as blobs by @UncleGedd in https://github.com/defenseunicorns/zarf/pull/1987
- Copy global Kubernetes label variables to prevent leakage in library scenarios by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1992
- Fix potential for double transform of image references (i.e with operators that self-reference) by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1989
Development
- Update the EKS version to support Argo CD in nightly tests by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1978
- Publish the Zarf init package + init skeleton as OCI on release by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1990
New Contributors
- @AbrohamLincoln made their first contribution in https://github.com/defenseunicorns/zarf/pull/1994
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.29.0...v0.29.1
v0.29.0
What's Changed
Features
- Add support for mutating repository information in ArgoCD Application CRDs and Repositories by @dgershman in https://github.com/defenseunicorns/zarf/pull/1875
- Introduce
zarf tools update-creds
to roll credentials for Zarf managed git, registry and artifact services by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1898 - Introduce
zarf tools registry prune
to cleanup old images not referenced by currently deployed Zarf packages by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1966 - Add the
--no-color
option to disable ANSI color code output by @caesarshift in https://github.com/defenseunicorns/zarf/pull/1889
Rollup From v0.28 Patch Releases
- Add Zarf Agent support for Prometheus Metrics by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1915
- Support
--output
onzarf version
to return more detailed version information by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1916 - Introduce backwards compatibility validation on package deploy by @lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1909
- Add a template for
###ZARF_COMPONENT_NAME###
to be used during component import by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1923 - Add additional flux patch override support to the Big Bang extension by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1910
- Add the ability to specify Zarf variables as filepaths by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1906
- Add support for appending
@
git refs to Helm chart git URLs by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892 - Add support for building chart sub-dependencies by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892
- Add
jsonpath
support towait
actions andzarf tools wait-for
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1873 - Add support for named ports on Services in
zarf connect
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1894 - Enable more key managers for signing packages with cosign by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1879
- Allow for
zarf crane pull
s andzarf crane push
es without an explicit tunnel or auth for internal registries by @dgershman in https://github.com/defenseunicorns/zarf/pull/1851 - Add
only
filter support and full init package support tozarf package remove
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1855 - Add
source
file info to SBOM viewer to better track nestedfiles
anddataInjections
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1865 - Add package version to the
zarf package list
output by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1858
Fixes
- Change to
podAntiAffinity
when using theReadWriteMany
access mode for the registry to assist with rolling K8s Nodes by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1898 - No longer rotate credentials on
zarf init
to assist with disaster recovery where a re-init is required @Racer159 in https://github.com/defenseunicorns/zarf/pull/1898 - Update Big Bang extension Flux
GitRepository
API version to remove deprecation warning by @mjnagel in https://github.com/defenseunicorns/zarf/pull/1933 - Fix deploying packages w/no explicit component contents (i.e.
actions
only) by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1973
Rollup From v0.28 Patch Releases
- Use UID and GID for USER in Dockerfile instead of a named user by @flickerfly in https://github.com/defenseunicorns/zarf/pull/1922
- Fix the error return for building helm dependencies by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1911
- Fix a bug with registry push/pull on detected but invalid clusters by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1930
- Fix simple repos causing an 'Already Up to Date' error by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1942
- Fix registry injector failures for generic images (i.e. the one from Iron Bank) by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1896
- Properly catch user interrupts when using Zarf commands by @caesarshift in https://github.com/defenseunicorns/zarf/pull/1891
- Correctly create all namespaces when in YOLO mode by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1878
- Only verify authentication to registry if creds exist and better handle registry scopes by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1893
- Fix inclusion of empty
files
on package creation by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1860 - Fix inline-
oci://
create + publish using--output
onzarf package create
by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1857 - Better detection of when to create state in custom
init
packages without thezaf-seed-registry
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1855
Docs
- Refactor docs paths, standardize admonition syntax and in preparation for Hugo move by @bdfinst in https://github.com/defenseunicorns/zarf/pull/1944, https://github.com/defenseunicorns/zarf/pull/1947 and https://github.com/defenseunicorns/zarf/pull/1948
Rollup From v0.28 Patch Releases
- Improve Config File documentation by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1912
- Fix grammar within the
k8s
types package by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1937 - Update Git example to reference the Flux example instead of having it's own explanation by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1935
- Update the Zarf definition of Generally Available ADR to be more clear by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1905
- Fix rendering of the local file and manifests examples by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1874
Dependencies
- Update all non-major dependencies by @renovate in https://github.com/defenseunicorns/zarf/pull/1866
- Update typescript-eslint monorepo to v6 (major) by @renovate in https://github.com/defenseunicorns/zarf/pull/1955
- Update dependency nodemon to v3 by @renovate in https://github.com/defenseunicorns/zarf/pull/1951
- Update dependency eslint-config-prettier to v9 by @renovate in https://github.com/defenseunicorns/zarf/pull/1950
Rollup From v0.28 Patch Releases
- Update dependency prettier to v3 by @renovate in https://github.com/defenseunicorns/zarf/pull/1880
- Update github.com/anchore/stereoscope digest to
d1f3d76
by @renovate in https://github.com/defenseunicorns/zarf/pull/1919 - Update github.com/anchore/stereoscope digest to
cd49355
by @renovate in https://github.com/defenseunicorns/zarf/pull/1680 - Update aws-actions/configure-aws-credentials digest to
5fd3084
by @renovate in https://github.com/defenseunicorns/zarf/pull/1825 - Update module github.com/fluxcd/source-controller/api to v1 by @renovate in https://github.com/defenseunicorns/zarf/pull/1877
- Update Terraform aws module in the variables example to v5 by @renovate in https://github.com/defenseunicorns/zarf/pull/1850
- Update svelte to v4 for deployment web UI by @renovate in https://github.com/defenseunicorns/zarf/pull/1840
- Update all non-major dependencies by @renovate in https://github.com/defenseunicorns/zarf/pull/1790
Development
- Refactor
utils.DoHostnamesMatch
to be more usable as a library by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1953 - Reduce test disk usage and normalize git tests by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1958 and https://github.com/defenseunicorns/zarf/pull/1967
- Add copy commands to the example package publish workflow to allow for
uname -m
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1959 - Add unit tests for
validatePackageArchitecture()
method by @lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1957 - Add a
text
section to the slackjson
that notifies of nightly test failures by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1964 - Disable
grafana
in the values file for BB tests to reduce test resource utilization by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1971 - Refactor and add library functions to support UDS
bundle
s and other library usage of Zarf by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1770 - Combine all e2e tests into a single multi stage workflow to optimize resource utilization by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1968
Rollup From v0.28 Patch Releases
- Add a pending ADR for how to maintain the Zarf transform code for a Pepr Zarf Agent by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1900
- Introduce a workflow for publishing an example application package as OCI to GHCR by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1856 and https://github.com/defenseunicorns/zarf/pull/1926
- Update CODEOWNERS to replace @YrrepNoj with @cmwylie19 by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1924
- Return images as an array of strings for all components in
packager.FindImages
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1927 - Add a slack webhook that triggers when nightly tests fail by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1941
- Allow for the injector to be built in docker and uploaded to S3 by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1917
- Reduce the size of the
transform
package for easier reuse as a library by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1883 - Create
Pending
zarf bundle
ADR to start work on multi-package orchestration by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1820 - Create
Pending
Zarf hooks ADR to start work on handling environment prerequisites for components by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1813 - Refactor large workflows into multiple jobs and fix the release workflow by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1901, https://github.com/defenseunicorns/zarf/pull/1902, and https://github.com/defenseunicorns/zarf/pull/1903
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.28.4...v0.29.0
v0.28.4
What's Changed
Features
- Add Zarf Agent support for Prometheus Metrics by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1915
- Support
--output
onzarf version
to return more detailed version information by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1916 - Introduce backwards compatibility validation on package deploy by @lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1909
- Add a template for
###ZARF_COMPONENT_NAME###
to be used during component import by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1923
Fixes
- Use UID and GID for USER in Dockerfile instead of a named user by @flickerfly in https://github.com/defenseunicorns/zarf/pull/1922
- Fix the error return for building helm dependencies by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1911
- Fix a bug with registry push/pull on detected but invalid clusters by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1930
- Fix simple repos causing an 'Already Up to Date' error by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1942
Docs
- Improve Config File documentation by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1912
- Fix grammar within the
k8s
types package by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1937 - Update Git example to reference the Flux example instead of having it's own explanation by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1935
Dependencies
- Update dependency prettier to v3 by @renovate in https://github.com/defenseunicorns/zarf/pull/1880
- Update github.com/anchore/stereoscope digest to
d1f3d76
by @renovate in https://github.com/defenseunicorns/zarf/pull/1919
Developement
- Add a pending ADR for how to maintain the Zarf transform code for a Pepr Zarf Agent by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1900
- Introduce a workflow for publishing an example application package as OCI to GHCR by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1856 and https://github.com/defenseunicorns/zarf/pull/1926
- Update CODEOWNERS to replace @YrrepNoj with @cmwylie19 by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1924
- Return images as an array of strings for all components in
packager.FindImages
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1927 - Add a slack webhook that triggers when nightly tests fail by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1941
- Allow for the injector to be built in docker and uploaded to S3 by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1917
New Contributors
- @flickerfly made their first contribution in https://github.com/defenseunicorns/zarf/pull/1922
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.28.3...v0.28.4
v0.28.3
What's Changed
Features
- Add additional flux patch override support to the Big Bang extension by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1910
- Add the ability to specify Zarf variables as filepaths by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1906
Fixes
- Fix registry injector failures for generic images (i.e. the one from Iron Bank) by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1896
Docs
- Update the Zarf definition of Generally Available ADR to be more clear by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1905
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.28.2...v0.28.3
v0.28.2
What's Changed
Features
- Add support for appending
@
git refs to Helm chart git URLs by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892 - Add support for building chart sub-dependencies by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892
- Add
jsonpath
support towait
actions andzarf tools wait-for
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1873 - Add support for named ports on Services in
zarf connect
by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1894 - Enable more key managers for signing packages with cosign by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1879
Fixes
- Properly catch user interrupts when using Zarf commands by @caesarshift in https://github.com/defenseunicorns/zarf/pull/1891
- Correctly create all namespaces when in YOLO mode by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1878
- Only verify authentication to registry if creds exist and better handle registry scopes by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1893
Dependencies
- Update github.com/anchore/stereoscope digest to
cd49355
by @renovate in https://github.com/defenseunicorns/zarf/pull/1680 - Update aws-actions/configure-aws-credentials digest to
5fd3084
by @renovate in https://github.com/defenseunicorns/zarf/pull/1825 - Update module github.com/fluxcd/source-controller/api to v1 by @renovate in https://github.com/defenseunicorns/zarf/pull/1877
Development
- Reduce the size of the
transform
package for easier reuse as a library by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1883 - Create
Pending
zarf bundle
ADR to start work on multi-package orchestration by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1820 - Create
Pending
Zarf hooks ADR to start work on handling environment prerequisites for components by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1813 - Refactor large workflows into multiple jobs and fix the release workflow by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1901, https://github.com/defenseunicorns/zarf/pull/1902, and https://github.com/defenseunicorns/zarf/pull/1903
New Contributors
- @caesarshift made their first contribution in https://github.com/defenseunicorns/zarf/pull/1891
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.28.1...v0.28.2
v0.28.1
What's Changed
Features
- Allow for
zarf crane pull
s andzarf crane push
es without an explicit tunnel or auth for internal registries by @dgershman in https://github.com/defenseunicorns/zarf/pull/1851 - Add
only
filter support and full init package support tozarf package remove
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1855 - Add
source
file info to SBOM viewer to better track nestedfiles
anddataInjections
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1865 - Add package version to the
zarf package list
output by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1858
Fixes
- Fix inclusion of empty
files
on package creation by @YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1860 - Fix inline-
oci://
create + publish using--output
onzarf package create
by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1857 - Better detection of when to create state in custom
init
packages without thezaf-seed-registry
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1855
Docs
- Fix rendering of the local file and manifests examples by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1874
Dependencies
- Update Terraform aws module in the variables example to v5 by @renovate in https://github.com/defenseunicorns/zarf/pull/1850
- Update svelte to v4 for deployment web UI by @renovate in https://github.com/defenseunicorns/zarf/pull/1840
- Update all non-major dependencies by @renovate in https://github.com/defenseunicorns/zarf/pull/1790
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.28.0...v0.28.1
v0.28.0
What's Changed
⚠ Breaking Changes
- Update the default
init
package'sk3s
version tov1.27.2+k3s1
fromv1.24.1+k3s1
by @renovate in https://github.com/defenseunicorns/zarf/pull/1709
This only impacts existing deployments using the
k3s
component from the defaultinit
package, and the deprecated APIs are outlined in the K8s Deprecated API Migration Guide. Chart manifests will need to be updated to support the new APIs and will need to be redeployed to the cluster ideally prior to upgradingk3s
. Zarf-managed charts can detect deprecations and attempt migrations after ak3s
update but any GitOps deployments will need to be updated manually (see the Helm mapkubeapis plugin if you need to do this after updatingk3s
)
Features
- Improve package confirmation UX and display currently set variables by @Racer159 / @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1682
- Improve error handling and log display during web UI deployments by @mike-winberry / @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1828
- Improve package selection UX for web UI package deployments by @mike-winberry / @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1687
- Add
zarf tools crane
root command flags (i.e.--platform
and--insecure
) by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1848 - Add
zarf tools crane ls
command to view tags for a given image reference by @dgershman in https://github.com/defenseunicorns/zarf/pull/1835 - Add the ability to place
files
in the home directory with~
in thetarget
by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1848
Rollup From v0.27 Patch Releases
- Add a package warnings section, unhide filtered components, and improve SBOM message user experience by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1749
- Respect
actions.defaults.MaxTotalSeconds
within the Big Bang extension by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1782
Fixes
- Fix
git
repository fallbacks for branch, tag, and full repository clones by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1841 - Fix
Pending
pods causing the Zarf injection process to stall by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1844 - Fix deploy page in web UI not properly handling fatal error responses by @mike-winberry in https://github.com/defenseunicorns/zarf/pull/1842
Rollup From v0.27 Patch Releases
- Correctly name the HelmRelease manifest file for the Big Bang extension by @mjnagel in https://github.com/defenseunicorns/zarf/pull/1748
- Fix filepaths not being allowed to be nonexistent during component compose by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1758
- Fix Importing OCI skeleton components w/ no local resources by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1774
- Fix Big Bang OCI compose and Big Bang
--differential
package creation by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1762 - Fix
htpasswd
generation causing issues with external registry passwords longer than 72 bytes by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1786
Docs
- Improve the component actions docs and examples (i.e. better explaining
./zarf
) by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1826 - Fix the component import examples not showing in docs by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1843
- Update the Big Bang example to include a teardown script by @jacobbmay in https://github.com/defenseunicorns/zarf/pull/1817
- Fix dead README / CONTRIBUTING links by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1800
- Add initial docs around alpha/beta/stable definitions and plans for General Availability (GA) by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1812
- Update the Nerd Notes page to include more information about the Zarf Agent by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1807
- Elaborate on each package's purpose in the
packages/README.md
file by @cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1818
Rollup From v0.27 Patch Releases
- Improve package examples in Zarf documentation by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1741
- Add a Zarf package create differential tutorial by @JasonvanBrackel in https://github.com/defenseunicorns/zarf/pull/1735
- Update the Zarf feature list and why to use Zarf by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1769
- Remove untested / unused examples by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1753
Dependencies
- Update all non-major dependencies by @renovate in https://github.com/defenseunicorns/zarf/pull/1709
- Update module github.com/moby/moby to v24 by @renovate in https://github.com/defenseunicorns/zarf/pull/1718
- Update aws-actions/configure-aws-credentials digest to
5727f24
by @renovate in https://github.com/defenseunicorns/zarf/pull/1761 - Update dependency prism-react-renderer to v2 by @renovate in https://github.com/defenseunicorns/zarf/pull/1643
- Removed unused direct dependencies for the web UI by @mike-winberry in https://github.com/defenseunicorns/zarf/pull/1822
Rollup From v0.27 Patch Releases
- Update dependency @fontsource/roboto to v5 by @renovate in https://github.com/defenseunicorns/zarf/pull/1738
- Update Gitea image to
1.19.3-rootless
(with Gitea Helm Chart 8.3.0) by @renovate in https://github.com/defenseunicorns/zarf/pull/1505
Development
- Complete the Zarf General Availability ADR by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1768
- Enhance backwards compatibility testing with more high-level Zarf primitives by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1789
- Refactor / optimize internal OCI functions to enhance reuse by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1764
- Reduce disk pressure in upgrade and release workflows by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1847
- Fix Renovate ignoring the examples directory by @dgershman in https://github.com/defenseunicorns/zarf/pull/1836
Rollup From v0.27 Patch Releases
- Fix the nightly AWS EKS / ECR tests by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1740
- Add GitHub URLs in zarf.yamls to the Renovate bot regex matcher by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1755
- Properly remove files in parallel tests for component actions by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1784
- Fix some issues with releases running out of space by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1785
New Contributors
- @jacobbmay made their first contribution in https://github.com/defenseunicorns/zarf/pull/1817
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.27.1...v0.28.0
v0.27.1
What's Changed
Features
- Add a package warnings section, unhide filtered components, and improve SBOM message user experience by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1749
- Respect
actions.defaults.MaxTotalSeconds
within the Big Bang extension by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1782
Fixes
- Correctly name the HelmRelease manifest file for the Big Bang extension by @mjnagel in https://github.com/defenseunicorns/zarf/pull/1748
- Fix filepaths not being allowed to be nonexistent during component compose by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1758
- Fix Importing OCI skeleton components w/ no local resources by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1774
- Fix Big Bang OCI compose and Big Bang
--differential
package creation by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1762 - Fix
htpasswd
generation causing issues with external registry passwords longer than 72 bytes by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1786
Docs
- Improve package examples in Zarf documentation by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1741
- Add a Zarf package create differential tutorial by @JasonvanBrackel in https://github.com/defenseunicorns/zarf/pull/1735
- Update the Zarf feature list and why to use Zarf by @Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1769
- Remove untested / unused examples by @Noxsios in https://github.com/defenseunicorns/zarf/pull/1753
Dependencies
- Update dependency @fontsource/roboto to v5 by @renovate in https://github.com/defenseunicorns/zarf/pull/1738
- Update Gitea image to
1.19.3-rootless
(with Gitea Helm Chart 8.3.0) by @renovate in https://github.com/defenseunicorns/zarf/pull/1505
Development
- Fix the nightly AWS EKS / ECR tests by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1740
- Add GitHub URLs in zarf.yamls to the Renovate bot regex matcher by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1755
- Properly remove files in parallel tests for component actions by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1784
- Fix some issues with releases running out of space by @Racer159 in https://github.com/defenseunicorns/zarf/pull/1785
Full Changelog: https://github.com/defenseunicorns/zarf/compare/v0.27.0...v0.27.1
fluxcd/flux2
v2.1.0
Highlights
Flux v2.1.0 is a feature release. Users are encouraged to upgrade for the best experience.
The Flux APIs were extended with new opt-in features in a backwards-compatible manner.
The Flux Git capabilities have been improved with support for Git push options, Git refspec, Gerrit, HTTP/S and SOCKS5 proxies.
The Flux alerting capabilities have been extended with Datadog support.
The Flux controllers come with performance improvements when reconciling Helm repositories with large indexes (80% memory reduction), and when reconciling Flux Kustomizations with thousands of resources (x4 faster server-side apply). The load distribution has been improved when reconciling Flux objects in parallel to reduce CPU and memory spikes.
Deprecations
Flux v2.1.0 comes with support for Kubernetes TLS Secrets when referring to secrets containing TLS certs, and deprecates the usage of caFile
, keyFile
and certFile
keys.
For more details about the TLS changes please see the Kubernetes TLS Secrets section.
Flux v2.1.0 comes with major improvements to the Prometheus monitoring stack. Starting with this version, Flux is leveraging the kube-state-metrics
CRD exporter to report metrics containing rich information about Flux reconciliation status e.g. Git revision, Helm chart version, OCI artifacts digests, etc. The gotk_reconcile_condition
metrics was deprecated in favor of the gotk_resource_info
.
For more details about the new monitoring stack please see the Flux Prometheus metrics documentation and the flux2-monitoring-example repository.
API changes
GitRepository v1
The GitRepository API was extended with the following fields:
-
.spec.proxySecretRef.name
is an optional field used to specify the name of a Kubernetes Secret that contains the HTTP/S or SOCKS5 proxy settings. -
.spec.verify.mode
now support one of the following valuesHEAD
,Tag
,TagAndHEAD
.
Kustomization v1
The Kustomization API was extended with two apply policies IfNotPresent
and Ignore
.
Changing the apply behaviour for specific Kubernetes resources, can be done using the following annotations:
Annotation | Default | Values | Role |
---|---|---|---|
kustomize.toolkit.fluxcd.io/ssa |
Override |
- Override - Merge - IfNotPresent - Ignore
|
Apply policy |
kustomize.toolkit.fluxcd.io/force |
Disabled |
- Enabled - Disabled
|
Recreate policy |
kustomize.toolkit.fluxcd.io/prune |
Enabled |
- Enabled - Disabled
|
Delete policy |
The IfNotPresent
policy instructs the controller to only apply the Kubernetes resources if they are not present on the cluster.
This policy can be used for Kubernetes Secrets
and ValidatingWebhookConfigurations
managed by cert-manager,
where Flux creates the resources with fields that are later on mutated by other controllers.
ImageUpdateAutomation v1beta1
The ImageUpdateAutomation was extended with the following fields:
-
.spec.git.push.refspec
is an optional field used to specify a Git refspec used when pushing commits upstream. -
.spec.git.push.options
is an optional field used to specify the Git push options to be sent to the Git server when pushing commits upstream.
Kubernetes TLS Secrets
All the Flux APIs that accept TLS data have been modified to adopt Secrets of type
kubernetes.io/tls
. This includes:
-
HelmRepository: The field
.spec.secretRef
has been deprecated in favor of a new field.spec.certSecretRef
. -
OCIRepository: Support for the
caFile
,keyFile
andcertFile
keys in the Secret specified in.spec.certSecretRef
have been deprecated in favor ofca.crt
,tls.key
andtls.crt
. -
ImageRepository: Support for the
caFile
,keyFile
andcertFile
keys in the Secret specified in.spec.certSecretRef
have been deprecated in favor ofca.crt
,tls.key
andtls.crt
. -
GitRepository: CA certificate can now be provided in the Secret specified in
.spec.secretRef
using theca.crt
key, which takes precedence over thecaFile
key.
Upgrade procedure
Upgrade Flux from v2.0.x
to v2.1.0
either by rerunning bootstrap or by using the Flux GitHub Action.
To upgrade Flux from v0.x
to v2.1.0
please follow the Flux GA upgrade procedure.
Kubernetes compatibility
This release is compatible with the following Kubernetes versions:
Kubernetes version | Minimum required |
---|---|
v1.25 |
>= 1.25.0 |
v1.26 |
>= 1.26.0 |
v1.27 |
>= 1.27.1 |
v1.28 |
>= 1.28.0 |
Note that Flux may work on older versions of Kubernetes e.g. 1.21, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.
New Documentation
- Flux installation
- Flux bootstrap
- Flux configuration
- Flux Prometheus metrics
- Flux custom Prometheus metrics
- Flux logs
- Flux events
Components changelog
- source-controller v1.1.0
- kustomize-controller v1.1.0
- notification-controller v1.1.0
- helm-controller v0.36.0
- image-reflector-controller v0.30.0
- image-automation-controller v0.36.0
CLI Changelog
- MR #4189 - @hiddeco - Update dependencies
- MR #4186 - @fluxcdbot - Update toolkit components
- MR #4183 - @somtochiama - Fix autocompletion for helm chart
- MR #4182 - @hiddeco - manifestgen/install: use clean default HTTP client
- MR #4181 - @hiddeco - cmd/events: handle error value
- MR #4180 - @stefanprodan - Fix controller version info
- MR #4177 - @stefanprodan - Set min value for the
--ssh-rsa-bits
flag - MR #4176 - @hiddeco - ci: disable fail-fast for ARM end-to-end
- MR #4175 - @hiddeco - build: update securejoin dependency
- MR #4169 - @darkowlzz - Add monitoring configuration deprecation notice
- MR #4167 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- MR #4166 - @stefanprodan - e2e: Add Kubernetes v1.28.0 to conformance tests
- MR #4151 - @hiddeco - ci: enable security-and-quality CodeQL query
- MR #4147 - @aryan9600 - Adopt Kubernetes style TLS Secrets and add relevant flags
- MR #4142 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- MR #4140 - @somtochiama - Disable azure e2e test
- MR #4134 - @sestegra - monitoring: add OCIRepository in cluster dashboard and new source panels in control-plane dashboard
- MR #4131 - @mraerino - Fix selection of kustomization resource from multi doc yaml
- MR #4126 - @stefanprodan - Set Kubernetes min version to 1.25
- MR #4077 - @dependabot[bot] - build(deps): bump the ci group with 2 updates
- MR #4068 - @stefanprodan - Update dependencies
- MR #4065 - @hiddeco - action: support
openssl
andsha256sum
- MR #4062 - @souleb - diff: Take into account the server-side inventory for local Flux Kustomizations
- MR #4061 - @hiddeco - action: re-allow configuration of non-default token
- MR #4057 - @fluxcdbot - Update toolkit components
- MR #4052 - @stefanprodan - docs: Link to the Flux GitHub Action documentation
- MR #4051 - @hiddeco - action: use
$RUNNER_TOOL_CACHE
, support MacOS and Windows, validate checksum - MR #4046 - @stefanprodan - ci: backport: set write permissions
- MR #4043 - @stefanprodan - ci: release: extract the image tag from GITHUB_REF
- MR #4041 - @hiddeco - ci: release: disable interpretation backslash esc
google/go-containerregistry
v0.16.1
Release is broken due to goreleaser error, 0.16.1 has the fix
What's Changed
- bump deps using ./hack/bump-deps.sh by @imjasonh in https://github.com/google/go-containerregistry/pull/1702
- Allow crane to export schema 1 images by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1704
- fixed a goroutine leak by @ktarplee in https://github.com/google/go-containerregistry/pull/1705
- retry HTTP 522 errors by default by @imjasonh in https://github.com/google/go-containerregistry/pull/1707
- Limit size of manifest by @AdamKorcz in https://github.com/google/go-containerregistry/pull/1711
- Add crane auth token by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1709
- Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in https://github.com/google/go-containerregistry/pull/1710
- Pass scopes through crane auth token by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1713
- fix: add bounds checking to addendum layer mutations to prevent panic by @aaron-prindle in https://github.com/google/go-containerregistry/pull/1715
- Surface better error messages in crane index by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1722
- crane: add missing name option in crane index commands by @HubertZhang in https://github.com/google/go-containerregistry/pull/1723
- crane: Respect cmd.OutOrStdout by @kyleconroy in https://github.com/google/go-containerregistry/pull/1728
- Make ErrSchema1 checkable via errors.Is() by @Laitr0n in https://github.com/google/go-containerregistry/pull/1721
- Don't load into daemon if the image already exists by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1724
- add --blobs-to-disk to 'crane registry serve' by @imjasonh in https://github.com/google/go-containerregistry/pull/1731
- Correct crane registry help text by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1732
- Allow concurrent blob Sets, use RWMutex by @mattmoor in https://github.com/google/go-containerregistry/pull/1733
- Use RWLock, limit scope of locking, write digest first by @mattmoor in https://github.com/google/go-containerregistry/pull/1734
- Let the filesystem handle atomicity by @mattmoor in https://github.com/google/go-containerregistry/pull/1735
- Don't try cross-origin mounting against dockerhub by @jonjohnsonjr in https://github.com/google/go-containerregistry/pull/1743
- Drop localhost to support crane registry serve in a container by @mattmoor in https://github.com/google/go-containerregistry/pull/1746
- Return OCI Index content-type for referrers response by @jdolitsky in https://github.com/google/go-containerregistry/pull/1762
New Contributors
- @AdamKorcz made their first contribution in https://github.com/google/go-containerregistry/pull/1711
- @HubertZhang made their first contribution in https://github.com/google/go-containerregistry/pull/1723
- @kyleconroy made their first contribution in https://github.com/google/go-containerregistry/pull/1728
- @Laitr0n made their first contribution in https://github.com/google/go-containerregistry/pull/1721
Full Changelog: https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1
Container Images
https://gcr.io/go-containerregistry/crane:v0.16.1 https://gcr.io/go-containerregistry/gcrane:v0.16.1
For example:
docker pull gcr.io/go-containerregistry/crane:v0.16.1
docker pull gcr.io/go-containerregistry/gcrane:v0.16.1
v0.16.0
Release is broken due to goreleaser error, 0.16.1 has the fix
helm/helm
v3.12.3
: Helm v3.12.3
Helm v3.12.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing MRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.12.3. The common platform binaries are here:
- MacOS amd64 (checksum / 1bdbbeec5a12dd0c1cd4efd8948a156d33e1e2f51140e2a51e1e5e7b11b81d47)
- MacOS arm64 (checksum / 240b0a7da9cae208000eff3d3fb95e0fa1f4903d95be62c3f276f7630b12dae1)
- Linux amd64 (checksum / 1b2313cd198d45eab00cc37c38f6b1ca0a948ba279c29e322bdf426d406129b5)
- Linux arm (checksum / 6b67cf5fc441c1fcb4a860629b2ec613d0e6c8ac536600445f52a033671e985e)
- Linux arm64 (checksum / 79ef06935fb47e432c0c91bdefd140e5b543ec46376007ca14a52e5ed3023088)
- Linux i386 (checksum / cb789c4753bf66c8426f6be4091349c0780aaf996af0a1de48318f9f8d6b7bc8)
- Linux ppc64le (checksum / 8f2182ae53dd129a176ee15a09754fa942e9e7e9adab41fd60a39833686fe5e6)
- Linux s390x (checksum / f5d5c7a4e831dedc8dac5913d4c820e0da10e904debb59dec65bde203fad1af0)
- Windows amd64 (checksum / f3e2e9d69bb0549876aef6e956976f332e482592494874d254ef49c4862c5712)
This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg
.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash
.
What's Next
- 3.13.0 is the next feature release and be on September 13, 2023.
Changelog
- bump kubernetes modules to v0.27.3
3a31588
(Joe Julian) - Add priority class to kind sorter
fb74155
(Stepan Dohnal)
v3.12.2
: Helm v3.12.2
Helm v3.12.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing MRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.12.2. The common platform binaries are here:
- MacOS amd64 (checksum / 6e8bfc84a640e0dc47cc49cfc2d0a482f011f4249e2dff2a7e23c7ef2df1b64e)
- MacOS arm64 (checksum / b60ee16847e28879ae298a20ba4672fc84f741410f438e645277205824ddbf55)
- Linux amd64 (checksum / 2b6efaa009891d3703869f4be80ab86faa33fa83d9d5ff2f6492a8aebe97b219)
- Linux arm (checksum / 39cc63757901eaea5f0c30b464d3253a5d034ffefcb9b9d3c9e284887b9bb381)
- Linux arm64 (checksum / cfafbae85c31afde88c69f0e5053610c8c455826081c1b2d665d9b44c31b3759)
- Linux i386 (checksum / ecd4d0f3feb0f8448ed11e182e493e74c36572e1b52d47ecbed3e99919c8390d)
- Linux ppc64le (checksum / fb0313bfd6ec5a08d8755efb7e603f76633726160040434fd885e74b6c10e387)
- Linux s390x (checksum / 63dec602455337a6ec08ba16429ec2b87ab064ea563249c07c01f483c0c4bd4c)
- Windows amd64 (checksum / 35dc439baad85728dafd2be0edd4721ae5b770c5cf72c3adf9558b1415a9cae6)
This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg
.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash
.
What's Next
- 3.12.3 is the next patch/bug fix release and will be on August 9, 2023.
- 3.13.0 is the next feature release and be on September 13, 2023.
Changelog
- add GetRegistryClient method
1e210a2
(wujunwei) - chore(deps): bump oras.land/oras-go from 1.2.2 to 1.2.3
cfa7bc6
(dependabot[bot])
v3.12.1
: Helm v3.12.1
Helm v3.12.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
- Join the discussion in Kubernetes Slack:
- for questions and just to hang out
- for discussing MRs, code, and bugs
- Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
- Test, debug, and contribute charts: ArtifactHub/packages
Installation and Upgrading
Download Helm v3.12.1. The common platform binaries are here:
- MacOS amd64 (checksum / f487b5d8132bd2091378258a3029e33ee10f71575b2167cdfeaf6d0144d20938)
- MacOS arm64 (checksum / e82e0433589b1b5170807d6fec75baedba40620458510bbd30cdb9d2246415fe)
- Linux amd64 (checksum / 1a7074f58ef7190f74ce6db5db0b70e355a655e2013c4d5db2317e63fa9e3dea)
- Linux arm (checksum / 6ae6d1cb3b9f7faf68d5cd327eaa53c432f01e8fd67edba4e4c744dcbd8a0883)
- Linux arm64 (checksum / 50548d4fedef9d8d01d1ed5a2dd5c849271d1017127417dc4c7ef6777ae68f7e)
- Linux i386 (checksum / 983addced237a8eb921c2c8c953310d92031a6ce4599632edbe7cdb2c95a701e)
- Linux ppc64le (checksum / 32b25dba14549a4097bf3dd62221cf6df06279ded391f7479144e3a215982aaf)
- Linux s390x (checksum / f243b564cf7e4081fffdfe5a39487f6442fc439586a1f50cc59dd801c3e636a5)
- Windows amd64 (checksum / 9040f8f37c90600a51db4934c04bc9c2adc058cb2161e20b5193b3ba46de10fa)
This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg
.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash
.
What's Next
- 3.12.2 is the next patch/bug fix release and will be on July 12, 2023.
- 3.13.0 is the next feature release and be on September 13, 2023.
Changelog
- add some test case
f32a527
(wujunwei) - fix comment grammar error.
91bb1e3
(wujunwei) - bugfix:(#11391) helm lint infinite loop when malformed template object
5217482
(wujunwei) - chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5
524a0e7
(dependabot[bot]) - chore(deps): bump github.com/docker/distribution
c60cdf6
(dependabot[bot]) - update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
321f71a
(Dmitry Kamenskikh) - test(search): add mixedCase test case
aca1e44
(Höhl, Lukas) - chore(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9
c09e93f
(dependabot[bot]) - chore(deps): bump github.com/Masterminds/squirrel from 1.5.3 to 1.5.4
8eab82b
(dependabot[bot]) - chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1
aa6b8aa
(dependabot[bot]) - fix(search): print repo search result in original case
5b19d8e
(Höhl, Lukas) - strict file permissions of repository.yaml
dee1fde
(shankeerthan-kasilingam) - update kubernetes dependencies from v0.27.0 to v0.27.1
4f32150
(Joe Julian)
kyverno/kyverno
v1.10.3
🐛 Fixed 🐛
Fixed an issue where the error is not returned when the deferred loader is disabled. (https://github.com/kyverno/kyverno/pull/7982)
v1.10.2
✨ Added ✨
- Added a new
--policyReports
flag to control if the Policy Reports system is enabled or not. When set to a value offalse
, only standard Events and log messages will contain policy violations both in admission mode as well as background scans. - Booleans can now be properly compared in conditional operators without needing to be converted to string. (#7847)
- Added log messages for API call failures. (#7834)
- Events will now be created upon successful resource generation. (#7550)
Helm
- Added an additional check to the ServiceMonitor template to ensure that the cluster supports the
monitoring.coreos.com/v1
API version and if not, it will silently not create the ServiceMonitor instead of failing deployment of the chart. (#7926) - Added chart configurations for cleanup and webhooks. (#7871)
- Add nodeSelector and labels to the cleanup CronJobs. (#7851, #7808)
⚠ ️ Changed ⚠ ️
- (kyverno-policies chart) Added a precondition to skip DELETE operations on a couple policies to make them all consistent. (#7883)
- Schema validation for policies matching on CRDs will be skipped. (#7869)
- Performed better validation of policies which use the
cloneList
declaration in generate rules. (#7823) - Removed an extra Event created by Kyverno in some verifyImages rules. (#7810)
- The Event created upon resource mutation has been updated to make more sense. (#7550)
🐛 Fixed 🐛
- Fixed an issue where higher log levels weren't being printed in the logs. (#7877)
- Fixed an issue with an entry in a nil map when validating a policy. (#7874)
- Fixed a type confusion problem. (#7857)
- Fixed an issue with namespaceSelector and matching on Namespaces. (#7837)
- Fixed an issue where category and severity annotations weren't being returned in policy reports from CLI tests. (#7828)
- Fixed an issue where some verifyImages rules may have broken in
Audit
mode. (#7806) - Fixed an issue in target scope validations for generate rules. (#7800)
- Fixed an issue with aggregated admission reports having stale results. (#7798)
- Fixed an issue preventing a rollback when a verifyImages rule was in place. (#7752)
- Removed some obsolete structs from the CLI. (#6802)
Helm
- Fixed a minor chart templating issue in RBAC. (#7774)
Click to expand all MRs
#7926 fix(chart): only create ServiceMonitor if cluster supports it
#7888 add flag for policy reports
#7883 fix(policy chart): Skip DELETE requests on policies using deny statements
#7877 fix log level in logging
package
#7874 policy validation: fix assignment to entry in nil map
#7871 feat(chart) Add configurations for cleanup jobs and webhooks
#7869 feat: skip schema validation for CRD
#7858 fix: add tekton/pipeline to nancy ignore list
#7857 fix type confusion in policy validation
#7851 Add nodeSelector for cleanupJob CronJob resources
#7847 feat: enable operator boolean comparison
#7837 fix: namespace label matching for Namespace
#7834 Added log message for API call failures
#7828 bug: add severity and category in cluster policy report
#7823 Feat: cloneList rule validation
#7810 fix: skip creating event for an empty resource name
#7808 feat: allow pod labels for cleanup jobs
#7806 refactor: remove manual keychain refresh from client
#7800 fix: target scope validation for the generate rule
#7798 fix: aggregated admission report not updated correctly
#7774 chart: fix admission controller rbac templating
#7752 Modified annotation matching during rollback
#7550 feat: add events for successful generation
#6802 refactor: remove obsolete structs from CLI
v1.10.1
This patch release of 1.10 unblocks users of generate rules using clone-type declarations as mentioned in the 1.10 migration guide.
Please see the complete 1.10.0 release notes if you are installing/upgrading to 1.10.1 without progressing through 1.10.0.
Please also see the security advisory here acknowledging detected vulnerabilities in the 1.10 release to which Kyverno is NOT susceptible.
✨ Added ✨
- Added the ability to assign custom labels to policy reports (#7416)
- All release artifacts are now signed (#7478, #7711)
- Added a new environment variable, settable on the background controller, called
BACKGROUND_SCAN_INTERVAL
which can override the background scan interval from its default of one hour (#7504) - Added a new container flag called
--enableDeferredLoading
(true
by default) which allows disabling of the new deferred/lazy context variable loading system introduced in 1.10.0 (#7694, #7691)
Helm
- Added the ability to configure tolerations, resources, and Pod annotations for the admission report cleanup jobs (#7331, #7337, #7366)
- Added missing
delete
verb to the admission reports cleanup job ClusterRole (#7375) - Added the ability to set verbs for the
additionalresources
ClusterRole used by the background controller to address the inability to generate Roles and ClusterRoles (#7380) - Removal of the Helm chart will now properly remove all Kyverno webhooks (#7633)
- Added ability to select cluster on the Grafana dashboard (#7659)
- Add
relabelings
andmetricRelabelings
config to all ServiceMonitors (#7659) - Make ConfigMap labels for the Grafana dashboard ConfigMap configurable (#7659)
- Added ability to use imagePullSecrets for the admission reports cleanup CronJobs (#7730)
⚠ ️ Changed ⚠ ️
- The new
order
field available underforeach
loops will now be respected when the mutation method ispatchStrategicMerge
(#7336) - Changed the message returned from a failed permissions check so it's more general in nature (#7362)
- Removed the redundant loop protection introduced in 1.10.0 making it possible to match on the same resource kind as Kyverno should generate (#7388)
- Performed some internal refactoring of the generate rule type (#7417)
- Make it so that setting
--webhookTimeout
affects all of Kyverno's webhooks and not just the resource webhooks (#7435) - Made it so that the
name
field for a rule is required (#7464) - Log kind, namespace, and name in processed resources (#7498)
- Refactored some reconciliation logic for generate rules (#7531)
- Mutation failures, when occurring within a
foreach
loop, will show the cause (#7563) - Bumped notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 (#7666)
- Misc. refactors related to the changes/fixes in deferred/lazy loading (#7675, #7678, #7690)
🐛 Fixed 🐛
- Fixed a panic when a user installs a policy with an invalid schema (#6526)
- Fixed an issue where the
default
field in avariable
-type context variable was not being used when the result wasnil
(#7251) - Fixed a panic in the reports controller when it encounters an invalid image (#7332)
- Fixed an issue when
--protectManagedResources
was enabled which prevented generation of bindings (#7363) - Fixed a panic when environment variables weren't passed (#7383)
- Fixed an inability to use the
target.*
variable in a mutate existing rule (#7387) - Fixed a sync issue if an array element was removed from a clone source (#7417)
- Fixed an issue preventing background reports from being created if an empty response is received for a given API group (#7428)
- Fixed an issue where Policy Exceptions weren't being considered for deletes (#7433)
- Fixed an issue preventing one clone source from being used in multiple rules or for multiple targets (#7436)
- Fixed an issue with generate rules failing when the trigger resource kind used a forward slash (#7436)
- Fixed a generate issue in which removal of a single trigger would remove generated resources it shouldn't have (#7579)
- Fixed an issue with how Kyverno reports a failure when it cannot fetch a CRD (#7439)
- Fixed an issue with auto-gen not generating the correct matching kinds when overridden with the annotation (#7455)
- Fixed another issue with auto-gen in which CronJob translated rules weren't translating variables correctly (#7571)
- Fixed an issue with a generate rule using a cloneList declaration so that syncs are observed properly (#7466)
- Fixed a panic when the background controller substitutes a variable with
nil
(#7473) - Fixed the scope validation check for a generate rule so it detects the correct resource kind (#7479)
- Fixed an issue preventing generated resources from being removed when preconditions no longer matched (#7496)
- Fixed a slightly misleading error message in deny conditions (#7503)
- Fixed it (finally) so that no informational logs are produced when logging is set to
0
(#7515) - Fixed removal of ownerReferences when generating via clone a resource across Namespaces (#7517)
- Fixed residual issues from 1.10.0 for lazy/deferred loading of context variables (#7552, #7597)
- Fixed an issue performing image verification in background mode (#7564)
- Make configuring max procs not exit in case of error (#7588)
- Fixed some typos in the descriptions of flags applicable to the reports controller (#7617)
- Fixed a permissions check when installing a generate policy due to incorrect API group matching (#7628)
- Fixed an issue where the service name in a tracer configuration could not be customized (#7644)
- Fixed an issue with an image verification rule which would cause updating a Deployment with more than one container to fail (#7692)
- Fixed a minor issue in an error message (#7688)
- Fixed an issue with locking the schema manager which could result in CRDs not being found (#7704)
Helm
- Fixed missing environment variables in the admission controller (#7383)
- Fixed missing
extraEnvVars
on all controllers (#7403) - Fixed an issue templating the new reports cleanup job image (#7430)
- Fixed a typo when enabling anti-affinity (#7440)
- Fixed missing imagePullSecrets (#7474)
- Fixed missing
delete
verb for Secrets in the admission controller and cleanup controller (#7527, #7679)
Click to expand all MRs
7730 feat: Add option to add imagePullSecrets to cleanup CronJobs 7712 fix: remove show goreleaser version step 7711 fix: release signing 7704 fix: lock schema manager when updating it 7694 Fix deferred loading (cherry-pick #7597) 7692 fix: image verification (cherry-pick #7652) 7691 feat: add lazy loading feature flag (cherry-pick #7680) 7690 refactor: migrate context loaders (part 2) from #7597 (cherry-pick #7677) 7688 fix: Swap any/all in the error message. 7680 feat: add lazy loading feature flag 7679 fix: cleanup controller rbac (cherry-pick #7669) 7678 refactor: migrate context loaders (part 1) from #7597 (cherry-pick #7676) 7677 refactor: migrate context loaders (part 2) from #7597 7676 refactor: migrate context loaders (part 1) from #7597 7675 refactor: add specific loaders from #7597 (cherry-pick #7671) 7671 refactor: add specific loaders from #7597 7669 fix: cleanup controller rbac 7666 [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 7659 feat: add cluster select and relabling config for ServiceMonitors 7652 fix: image verification with 2+ containers 7644 fix: customizable tracer configuration 7633 feat: enable Helm webhook cleanup hook by default 7628 fix: auth checks with the APIVersion and the subresource 7617 fix: update the flag descriptions of the reports-controller 7597 Fix deferred loading 7596 fix: CLI tests 7590 Add nancy-ignore to make it pass with current dependencies 7589 chore: reduce sleep duration for generate kuttl tests 7588 fix: make configuring max procs not exit in case of error 7579 fix: deletion mismatch for the generate policy 7571 fix: autogen not working correctly with cronjob conditions 7564 fix: background image verification not working 7563 Fix: Mutate: Foreach: Error cause is missing 7552 fix: recursive lazy loading 7531 refactor: generate reconciliation on policy updates 7527 fix: update kyverno admission-controller role to have delete verb for… 7517 fix: Remove ownerReferences when cloning across Namespaces 7515 fix: log level initialisation 7504 feat: add debug env BACKGROUND_SCAN_INTERVAL 7503 fix: misleading error message in deny conditions 7498 fix: log kind/namespace/name in scan errors 7496 fix: Delete downstream objects on precondition fail 7479 fix: target scope validation for the generate rule 7478 feat: sign released artifacts 7474 fix: image pull secrets in admission controller 7473 fix: background controller panics during variables substitution 7466 fix: cloneList sync behavior 7464 fix: rule name not required in the crd schema 7460 fix: flaky generate test 7455 fix: autogen not generating the correct kind 7440 fixed typo in admission controller chart template 7439 fix: error reported when sanity check fails 7436 fix: the same source cannot be used for multiple targets with a generate clone rule 7435 fix: add missing webhook timeouts 7433 fix: exceptions not considered on delete 7430 fix: helm template for cleanup jobs image 7428 fix: reports discovery error 7417 fix: array element removal should be synced to the downstream resource with a generate data sync rule 7416 feat: hold custom labels 7403 fix: missing extraEnvVars in helm chart 7388 Remove policy validation prevent loop for generate 7387 fix mutate targets validation 7383 fix: missing/incorrect env variables 7380 Allow setting verbs for clusterrole extraresources on backgroundController 7375 Add missing delete verb to admission cleanup clusterrole 7366 feat(cronjobs): Enable podAnnotations on CronJobs 7363 fix: protect managed resource not considering other components 7362 fix: permission validation message 7338 fix: flaky kuttl test add-external-secret-prefix 7337 feat: cleanup jobs resources 7336 feat: obey the order field in patchStrategicMerge method 7332 fix: panic in background reports 7331 feat: cleanup job tolerations 7251 Fix: [Bug] The default field in a context variable does not replace nil results 6526 fix: add type conversion error judgment to avoid program panic
v1.10.0
v1.9.5
🐛 Fixed 🐛
- Removed some insecure 3DES ciphers. (#7308 )
Click to expand all MRs
#7308 fix: tls cipher suites
v1.9.4
🐛 Fixed 🐛
- Fixed an issue with the podSecurity subrule (
validate.podSecurity
) in which using thelatest
version of the PSS caused the Seccomp control to not be evaluated properly. (#7263)
Click to expand all MRs
#7263 fix: PSa latest version check
v1.9.3
v1.9.3
✨ Added ✨
#- Added support for configuring webhook annotations via the ConfigMap's
webhookAnnotations
stanza. This should fix problems for AKS users with the Admission Enforcer entering a reconciliation war with Kyverno over its webhooks. (#6579)
🐛 Fixed 🐛
mikefarah/yq
v4.35.1
: - Lua Output!
- Added Lua output support (Thanks @Zash)!
- Added BSD checksum format (Thanks @viq)!
- Bumped dependencies
v4.34.2
Bumped depedencies
rancher/k3d
v5.6.0
Added
Changed
-
Potentially Breaking: For people using k3d as a module: switch from netaddr.af to netipx + netip (changed some code around
host.k3d.internal
and the docker runtime) - Potentially Breaking: K3d config directory may change for you: Adhere to XDG's configuration specification (#1320)
Fixed
- docs: fix go install command (#1337)
- fix docs links in CONTRIBUTING.md
- chore: pkg imported more than once (#1313)
v5.5.2
Fixed
- docs: fix list failing to render (#1300)
- bump dependencies to fix
Invalid Host Header
issue with Docker/Moby#45935
Changed
- change: proxy - update nginx-alpine base image (#1309)
- change: add empty /tmp to binary-only image to make it work with config files
Added
- add: workflow to label issues/prs by sponsors
terraform-aws-modules/terraform-aws-eks
v19.16.0
Features
- Add
node_iam_role_arns
local variable to check for Windows platform on EKS managed nodegroups (#2477) (adb47f4)
19.15.4 (2023-07-27)
Bug Fixes
19.15.3 (2023-06-09)
Bug Fixes
19.15.2 (2023-05-30)
Bug Fixes
- Ensure
isra_tag_values
can be tried before defaulting tocluster_name
on Karpenter module (#2631) (6c56e2a)
19.15.1 (2023-05-24)
Bug Fixes
v19.15.4
v19.15.3
terraform-aws-modules/terraform-aws-iam
v4.24.1
v4.24.0
Features
v4.23.0
Features
- Improved iam-eks-role module (simplified, removed provider_url_sa_pairs, updated docs) (#236) (d014730)
4.22.1 (2022-04-25)
Bug Fixes
v4.22.1
v4.22.0
Features
4.21.1 (2022-04-22)
Bug Fixes
v4.21.1
v4.21.0
Features
4.20.3 (2022-04-20)
Bug Fixes
4.20.2 (2022-04-19)
Bug Fixes
4.20.1 (2022-04-15)
Bug Fixes
v4.20.3
v4.20.2
v4.20.1
v4.20.0
Features
- Add support for AMP, cert-manager, and external-secrets to
iam-role-for-service-accounts-eks
(#223) (f53d409)
v4.19.0
Features
- Add variable to allow changing tag condition on Karpenter
iam-role-for-service-accounts-eks
policy (#218) (3d7ea33)
v4.18.0
Features
4.17.2 (2022-03-31)
Bug Fixes
4.17.1 (2022-03-29)
Bug Fixes
v4.17.2
v4.17.1
v4.17.0
Features
v4.16.0
Features
4.15.1 (2022-03-23)
Bug Fixes
- Permit
RunInstances
permission for Karpenter when request containskarpenter.sh/discovery
tag key (#209) (18081d1)
v4.15.1
v4.15.0
Features
- Made it clear that we stand with Ukraine (8e2b836)
Bug Fixes
v4.14.0
Features
- Add variable to change IAM condition test operator to suite; defaults to
StringEquals
(#201) (8469c03)
4.13.2 (2022-03-02)
Bug Fixes
4.13.1 (2022-02-18)
Bug Fixes
v4.13.2
v4.13.1
v4.13.0
Features
v4.12.0
Features
v4.11.0
Features
4.10.1 (2022-01-21)
Bug Fixes
v4.10.1
v4.10.0
Features
v4.9.0
Features
v4.8.0
Bug Fixes
Features
v4.7.0 - 2021-10-14
- feat: Added support for trusted_role_actions for MFA in iam-assumable-role (#171)
v4.6.0 - 2021-09-20
- feat: Added output group_arn to iam-group-with-policies (#165)
v4.5.0 - 2021-09-16
- feat: Added id of iam assumable role to outputs (#164)
v4.4.0 - 2021-09-10
- feat: Add ability for controlling whether or not to create a policy (#163)
- docs: Update version constraints (#162)
v4.3.0 - 2021-08-18
- feat: Add support for cross account access in iam-assumable-role-with-oidc (#158)
v4.2.0 - 2021-06-29
- feat: Support External ID with MFA in iam-assumable-role (#159)
v4.1.0 - 2021-05-03
- feat: Add support tags to additional IAM modules (#144)
- chore: update CI/CD to use stable
terraform-docs
release artifact and discoverable Apache2.0 license (#151)
v4.0.0 - 2021-04-26
- feat: Shorten outputs (removing this_) (#150)
v3.16.0 - 2021-04-20
- feat: Add iam role unique_id to outputs (#149)
v3.15.0 - 2021-04-15
- fix: Set sensitive=true for sensitive outputs and use tolist() (#148)
v3.14.0 - 2021-04-07
- feat: Add role unique_id output in iam-assumable-role module (#143)
- chore: update documentation and pin
terraform_docs
version to avoid future changes (#142)
v3.13.0 - 2021-03-11
- feat: Allows multiple STS External IDs to be provided to an assumable role (#138)
v3.12.0 - 2021-03-05
- feat: Add iam-assumable-role-with-saml module (#127)
v3.11.0 - 2021-03-04
- fix: handle unencrypted secrets (#139)
- chore: update ci-cd workflow to allow for pulling min version from each directory (#137)
v3.10.0 - 2021-03-01
- fix: Update syntax for Terraform 0.15 (#135)
- chore: Run pre-commit terraform_docs hook (#133)
- chore: add ci-cd workflow for pre-commit checks (#132)
v3.9.0 - 2021-02-20
- chore: update documentation based on latest
terraform-docs
which includes module and resource sections (#131)
v3.8.0 - 2021-01-29
- feat: Add arn of created group(s) to outputs (#128)
v3.7.0 - 2021-01-14
- fix: Multiple provider_urls not working with iam-assumable-role-with-oidc (#115)
v3.6.0 - 2020-12-04
- feat: Fixed number of policies everywhere (#121)
v3.5.0 - 2020-12-04
- fix: automatically determine the number of role policy arns (#119)
v3.4.0 - 2020-11-13
- feat: iam-assumable-roles-with-saml - Allow for multiple provider ids (#110)
v3.3.0 - 2020-11-02
- ci: Updated pre-commit hooks, added terraform_validate (#106)
v3.2.0 - 2020-10-30
- docs: Updated examples in README (#105)
v3.1.0 - 2020-10-30
- Bump new major release v3
v3.0.0 - 2020-10-30
- feat: Added number_of_ variables for iam-assumable-role submodules (#96)
v2.25.0 - 2020-10-30
- fix: remove empty string elements from local.urls in iam-assumable-role-with-oidc submodule (#99)
v2.24.0 - 2020-10-30
- feat: Add role_name_prefix option for oidc roles (#101)
v2.23.0 - 2020-10-30
v2.22.0 - 2020-10-16
- feat: Add role description variable for assumable role with oidc (#98)
v2.21.0 - 2020-09-22
- fix: Fixed ses_smtp_password_v4 output name
v2.20.0 - 2020-09-08
- fix: simplify count statements (#93)
v2.19.0 - 2020-09-08
- fix: Allow running on custom AWS partition (incl. govcloud) (#94)
v2.18.0 - 2020-08-18
- feat: modules/iam-assumable-role-with-oidc: Support multiple provider URLs (#91)
v2.17.0 - 2020-08-17
v2.16.0 - 2020-08-17
- fix: Allow modules/iam-assumable-role-with-oidc to work in govcloud (#83)
v2.15.0 - 2020-08-17
- feat: Added support for sts:ExternalId in modules/iam-assumable-role (#90)
v2.14.0 - 2020-08-13
- fix: Delete DEMRECATED ses_smtp_password in iam-user. (#88)
v2.13.0 - 2020-08-13
v2.12.0 - 2020-06-10
- Updated formatting
- fix: Fix conditions with multiple subjects in assume role with oidc policy (#74)
v2.11.0 - 2020-06-10
- feat: Allow to set force_detach_policies on roles (#68)
v2.10.0 - 2020-05-26
- fix: Allow customisation of trusted_role_actions in iam-assumable-role module (#76)
v2.9.0 - 2020-04-23
- feat: modules/iam-user - Output SMTP password generated with SigV4 algorithm (#70)
v2.8.0 - 2020-04-22
- docs: Add note about pgp_key when create_iam_login_profile is set (#69)
- fix: Fix module source and name in README (#65)
- fix typo (#62)
v2.7.0 - 2020-02-22
- Updated pre-commit-terraform with README
- Add instance profile to role sub-module (#46)
v2.6.0 - 2020-01-27
- Rename module from "-iodc" to "-oidc" (#48)
v2.5.0 - 2020-01-27
- New sub-module for IAM assumable role with OIDC (#37)
v2.4.0 - 2020-01-09
- Updated pre-commit hooks
- iam-assumable-role: add description support (#45)
- Removed link to missing complete example (fixed #34)
v2.3.0 - 2019-08-21
- Added description support for custom group policies using a lookup (#33)
v2.2.0 - 2019-08-21
- Added trusted_role_services to iam-assumable-roles, autoupdated docs
- Add Trusted Services to iam-assumable-role (#31)
- Fix link to iam-assumable-role example in README (#35)
v2.1.0 - 2019-06-11
- Removed duplicated tags from variables in iam-user (#30)
v2.0.0 - 2019-06-11
- Upgraded module to support Terraform 0.12 (#29)
v1.0.0 - 2019-06-11
- Fixed styles after #26
- iam-user,iam-assumable-role,iam-assumable-roles,iam-assumable-roles-with-saml tags support (#26)
v0.5.0 - 2019-05-15
- Added support for list of policies to attach to roles (#25)
v0.4.0 - 2019-03-16
- Minor adjustments
- assumable roles for Users with SAML Identity Provider (#19)
v0.3.0 - 2019-02-20
- Added iam-group-with-policies and iam-group-complete
v0.2.0 - 2019-02-19
- Added iam-group-with-assumable-roles-policy and iam-assumable-role (#18)
v0.1.0 - 2019-02-19
v0.0.7 - 2018-08-19
- Follow-up after #12, added possibility to upload IAM SSH public keys
- Ssh key support (#12)
- fix descriptions of variables (#10)
v0.0.6 - 2018-05-28
- Custom Session Duration (#9)
v0.0.5 - 2018-05-16
- Added pre-commit hook to autogenerate terraform-docs
- Implement conditional logic for role creation (#7)
v0.0.4 - 2018-03-01
- Add max_password_age for password policy (#5)
v0.0.3 - 2018-02-28
- Added iam-user module (#4)
v0.0.2 - 2018-02-12
v0.0.1 - 2018-02-05
- Do pre-commit run on all code
- Added iam-account
- Initial commit
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.